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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
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earned patent term adjustment. See 37 CFR 1.704(b). 
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DETAILED ACTION 

1 . Claims 1-24 are presented for examination. 

2. It is noted that although the present application does contain line numbers in specification and 
claims, the line numbers in the claims do not correspond to the preferred format. The preferred format is 
to number each line of every claim, with each claim beginning with line 1 . For ease of reference by both 
the Examiner and Applicant all future correspondence should include the recommended line numbering. 

Claim Analysis 

3. Claim 1 will be interpreted as follows. Receiving user requests to transmit packets over a 
network to a second node over the network, a determination is made to see if the user has access rights to 
access said second node within a security zone. If the user is authorized for access, the packets are 
forwarded towards the second node in said security zone. The term "security zone" is loosely used in the 
claim, specification failed to particularly point out or define the phrase "security zone". The Examiner 
interpret "security zone" in light of the specification, as a group resources, i.e. network nodes, in a 
particular network, for example, a domain, a zone/area on a network comprising multiple network nodes. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless -- 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who has 
fulfilled the requirements of paragraphs (1), (2), and (4) of section 371 (c) of this title before the invention thereof by 
the applicant for patent. 

5. Claims 1-24 are rejected under 35 U.S.C. 102(e) as being anticipated by Cacace-Bailey et al. 
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(hereinafter Cacace-Bailey), US 6,61 1,916. 

6. As per claim 1, Cacace-Bailey teaches a method for selectively allowing a user of a multi-user 
system access a plurality of resources in a network, the method comprising: 

receiving a request originated from the user to transmit a message over network to one of plurality of 
resources (Col. 5, lines 55-56, first user's browser summit access request to another node on the second 
domain); 

identifying, from a plurality of security zones, a security zone associated with the one of the plurality 
of resources (Col. 5, lines 50-53, user select the domain he/she wishes to access, identifying is done by 
directing a browser to a secure domain via an URL, where secure domain is interpreted as secure zone); 

determining if the user is authorized access to the identified security zone (Col. 6, lines 13-18, second 
domain system authenticate the user to see if the network node has access rights to the second secure 
domain); and 

forwarding the message over the network to the one of the plurality resources only if it determined 
that the user is authorized access to the identified security zone (Col. 6, lines 16-24, authentication 
information authenticated, access is granted to the authenticated node). 

7. As per claim 2, Cacace-Bailey teaches 

associating a security zone with each of the plurality resources (Col. 3, lines 1-5, where each of the 
plurality of network nodes are associated with at least one secure environment / secure domain). 

8. As per claim 3, Cacace-Bailey teaches: 

specifying the security zones to which users of the multi-user system are authorized users (Col. 6, 
lines 13-23, each secure domain has authentication list to authenticate the requesting users). 

9. As per claim 4, Cacace-Bailey teaches: 
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accessing a data structure that specifies the security zone associated with each resource in the 
plurality of resources (Col. 6, lines 13-25, data structure implicitly exist within the second secure domain 
server. Note, the users from the first secure domain are accessing other nodes within the second secure 
domain, however an authentication with the second secure domain server is a pre-requisite prior to such 
access. Users of the first secure domain must inherently specify their own identification along with the 
information (i.e. second domain name and the access location) they wish to access within the second 
secure domain because such information are user specific, and must be identified for authorized access. 
Therefore, a table/database/data structure comprising the domain as well as node identifier are inherently 
taught in Cacace-Bailey). 

10. As per claim 5, Cacace-Bailey teaches: 

wherein at least one entry in the data structure specifies the security zone associated with a group of 
the resources in the plurality of resources (Col. 6, lines 13-25, data structure implicitly exist within the 
second secure domain server. Note, the users from the first secure domain are accessing other nodes 
within the second secure domain, however an authentication with the second secure domain server is a 
pre-requisite prior to such access. Users of the first secure domain must inherently specify their own 
identification along with the information (i.e. second domain name and the access location) they wish to 
access within the second secure domain because such information are user specific, and must be identified 
for authorized access. Therefore, a table/database/data structure comprising the domain as well as node 
identifier are inherently taught in Cacace-Bailey), and wherein identifying the security zone associated 
with the one of plurality of resources comprises identifying the security zone associated with the most 
specific entry in the data structure that includes the resource (Fig lb, 2, Col. 6, lines 13-25, further justify 
the identification of resources/nodes within the table/database/data structure. When attempting to access 
the second secure domain, the first secure domain does its own authentication. Without specifying the 
user nodes as well as the domain which the nodes are associated with, first secure domain would not 
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allow proper authentication. Upon authenticating with the second secure domain server, the users are 
accessing remote nodes located within second secure domain, therefore, the remote nodes are inherently 
identified within their access request in order for the second secure domain to forward packets upon 
proper authentication which are user request specific). 

11. As per claim 6, Cacace-Bailey teaches: 

the identifying and determining steps are performed within the multi-user system (Fig 2, item 20 and 

30). 

12. As per claim 7, Cacace-Bailey teaches: 

querying a security manager of the multi-user system to determine if the user is authorized access to 
the security zone associated with the one of the plurality of resources (Col. 6, lines 13-23, security 
manager is the secure domain servers, the secure domain servers check to see if the node has access to a 
particular domain, note, that each node is associated with at least one domain). 

13. As per claim 8, Cacace-Bailey teaches: 

the request to transmit a message is denied if it is determined that the user is not authorized access to 
the security zone associated with the one of plurality of resources before any data packets associated with 
the message are forwarded over the network (Col. 6, lines 13-23, secure domain server denies the request 
to access information on the second domain no information packets are exchanged after the deny of 
access). 

14. As per claim 9, Cacace-Bailey teaches: 

the network is an internet protocol network (Col. 2, line 65 - Col. 3, line 1). 
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15. As per claim 10, the claim is rejected for the same reasons as rejection to claim 1 above, in 
addition, Cacace-Bailey teaches: 

classifying the resource as being associated with a security zone from a plurality of security zones 
(Col. 6, lines 1-10, wherein a node on the network is classified as belonging to a first secure domain and 
has authentication rights associated with the first domain). 

16. As per claim 1 1, the claim is rejected for the same reasons as rejection to claim 1 above. 

17. As per claim 12, the claim is rejected for the same reasons as rejection to combination of claims 1 
and 4 above respectively. 

18. As per claim 13, the claim is rejected for the same reasons as rejection to claim 5 above. 

19. As per claims 14-18, the claims are rejected for the same reasons as rejection to claims 1-5 above 
respectively. 

20. As per claims 19-23, the claims are rejected for the same reasons as rejection to claims 1-5 above 
respectively. 

21. As per claim 24, the claim is rejected for the same reasons as rejection to claim 1 above. 

Conclusion 

22. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
The following patents and publications are cited to further show the state of the art with respect to 
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"Methods, Systems And Computer Program Products For Selectively Allowing Users Of A Multi-User 
System Access To Network Resources" 



i. 


US 2003-0041267 


Fee et al. 


ii 


US 5548649 


Jacobson 


iii. 


US 6473800 


Jerger et al. 


iv. 


US 2002-0099944 


Bowlin 


v. 


US 2001-0052073 


Kern et al. 



Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Chad Zhong whose telephone number is (571)272-3946. The examiner can normally be 
reached on M-F 7:15 to 4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
JAROENCHONWANIT, BUNJOB can be reached on (571)272-3913. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained 
from either Private PAIR or Public PAIR. Status information for unpublished applications is available 
through Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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